Community discussions

Search found 46 matches

by ivanfm
Sat Jul 27, 2019 2:06 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: PPP Issues after upgrade to v6.45.1
Replies: 5
Views: 878

Re: PPP Issues after upgrade to v6.45.1

There is a problem with passwords sent to radius in 6.45.1.

The problem is corrected in 6.45.2
by ivanfm
Tue Jul 02, 2019 10:56 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 416
Views: 60676

Re: v6.45.1 [stable] is released!

RouterOS version 6.45.1 (2019-Jun-27 10:23) has broken RADIUS PAP auth!!! We have 500+ clients with Mikrotik devices and 27 june in our RADIUS server we see many errors from Mikrotik devices: Mon Jul 1 11:04:53 2019 : Auth: Login incorrect (rlm_pap: CLEAR TEXT password check failed): [XX-XX-FA-92-1...
by ivanfm
Mon Jul 01, 2019 4:47 pm
Forum: Announcements
Topic: v6.43.16 [long-term] is released!
Replies: 12
Views: 6824

Re: v6.43.16 [long-term] is released!

Ditto on the recent Linux DOS vulnerabilities update - will Long-Term receive it and when. If not, please provide recommended Firewall filter rules. Thank you. The advisory linked to in the blog post suggests blocking TCP traffic with a low MSS, but doesn't mention what this "low MSS" is. So my gues...
by ivanfm
Tue Jun 25, 2019 5:27 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature requests
Replies: 1111
Views: 195988

Re: Feature requests

Hey, Mikrotik team! Please extend "netwatch" functionality a little bit. It is a nice feature, but so undeveloped. It will be nice to have an option to set amount of ping to send before change status to down and at its frequency. ..and the possibility to set source address (e.g. remote ipsec hosts) ...
by ivanfm
Fri Mar 29, 2019 8:30 pm
Forum: Wireless Networking
Topic: Mikrotik CAPSMAN + SONOFF(ITEAD) devices
Replies: 7
Views: 1502

Re: Mikrotik CAPSMAN + SONOFF(ITEAD) devices

My home network is capsman based. I got 10 sonoff basic installed in the network without much problems.

I have used the "Compatible Pairing Mode (AP)" from the ewelink app on Android.
The "Quick Pairing mode (Touch)" which is the default mode did not work.
by ivanfm
Tue Mar 19, 2019 6:45 pm
Forum: General
Topic: tool fetch - 2xx HTTP response codes
Replies: 3
Views: 1949

Re: tool fetch - 2xx HTTP response codes

Hello, I do have a similar problem: I want to implement a digest web authentication. The first step is to do a request to the server. The server will answer with 401 error but additional info in the response. How to capture the response into a textfile or variable? Mikrotik scripting is not accep...
by ivanfm
Fri Mar 01, 2019 4:18 pm
Forum: Scripting
Topic: POST Request with fetch
Replies: 67
Views: 25001

Re: POST Request with fetch

These things will be better when authentication methods like digest are implemented for the fetch command, because some new devices no longer support basic authentication.
by ivanfm
Wed Jan 02, 2019 3:24 pm
Forum: Announcements
Topic: Product comparison matrix
Replies: 30
Views: 4195

Re: Product comparison matrix

This javascript library has many functions for filter, sorting and formatting that can be useful for this matrix : https://mottie.github.io/tablesorter/docs/ Please add the filter and sort2hash modules. This will make very easy to create views of this table and pass the links to "show" only a subse...
by ivanfm
Mon Oct 29, 2018 7:32 pm
Forum: Announcements
Topic: v6.43.4 [stable] is released!
Replies: 78
Views: 21631

Re: v6.43.4 [stable] is released!

Hi Europe/Volgograd time zone is incorrect. should be GMT Offset +04:00 from October 28 It's not MikroTik problem. All websites I can find show GMT +03:00 for Volgograd today, even Google. If +04:00 is true, it needs to be fixed in TimeZone Database, not in applications. This Volgograd change was ...
by ivanfm
Fri Oct 26, 2018 3:12 pm
Forum: Announcements
Topic: v6.42.9 [long-term] is released!
Replies: 119
Views: 25012

Re: v6.42.9 [long-term] is released!

Bridge always worked that way and if suddenly bridge with inactive (no ports) will not have running flag, it will break all configurations with loopbacks and other configurations where bridge is used as dummy interface. In the migration from master to bridge you have broken an always working configu...
by ivanfm
Tue Oct 23, 2018 1:49 pm
Forum: Announcements
Topic: v6.42.9 [long-term] is released!
Replies: 119
Views: 25012

Re: v6.42.9 [long-term] is released!

I have posted repeatedly why this is unacceptable. To be honest, never saw such posts. Any links? Anyway, have you reported to support@mikrotik.com? I have found a single post about this : https://forum.mikrotik.com/viewtopic.php?f=21&t=123936&p=626322#p626322 It's a valid use case. But I agree wit...
by ivanfm
Mon Sep 10, 2018 9:27 pm
Forum: Announcements
Topic: v6.43 [current] is released!
Replies: 148
Views: 27430

Re: v6.43 [current] is released!

After updating on all my devices I see such a picture. https://forum.mikrotik.com/download/file.php?mode=view&id=33580 https://forum.mikrotik.com/download/file.php?mode=view&id=33579 I have found this "setW60Gap" variable in one of my upgraded devices (751G-2HnD). I have not found any new variables...
by ivanfm
Fri Aug 10, 2018 5:25 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: New IP cloud is coming.
Replies: 83
Views: 25026

Re: New IP cloud is coming.

coming to the router near you soon: $ host <serial>.sn.mynetname.net <serial>.sn.mynetname.net has address 192.168.88.1 <serial>.sn.mynetname.net has IPv6 address 2001:db8:1337:beef::ada Suggestion : add an option in cloud service to add an extra personal prefix. like "xyz" when user define persona...
by ivanfm
Wed Jul 25, 2018 1:49 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 557
Views: 109348

Re: v6.43rc [release candidate] is released!

Drop of RADIUS PAP support for ssh logins is a big problem for us too. We're using a one-time password implementation which is impossible to integrate with MS-CHAPv2 - the security appliance only stores the hash of the PIN (fixed part of the password) and because of this cannot support MS-CHAPv2 si...
by ivanfm
Wed May 23, 2018 10:58 pm
Forum: Announcements
Topic: v6.43rc [release candidate] is released!
Replies: 557
Views: 109348

Re: v6.43rc [release candidate] is released!

*) backup - do not encrypt backup file unless password is provided; I like the current way it works the backup is encrypted with admin password. Please make an option to encrypt using current admin password like before, I don't want to have my backup unencrypted neither want to put a password in a s...
by ivanfm
Mon Apr 30, 2018 10:49 pm
Forum: General
Topic: Disable DHCP on LTE ?
Replies: 8
Views: 1607

Re: Disable DHCP on LTE ?

I also want to disable this automatic DHCP client.

I want my mikrotik in a fixed IP address to use the DMZ service on LTE modem.

The modem does not have option to specify fixed addresses neither has options to reduce the dhcp range.
by ivanfm
Sun Apr 29, 2018 10:47 pm
Forum: Announcements
Topic: v6.42.1 [current]
Replies: 272
Views: 43306

Re: v6.42.1 [current]

Does 6.42.1 force SSH host key renewal on first login after the upgrade? The SSH host keys are changing on every router I upgrade and I want to rule out the unlikely MITM. A few of my devices have changed keys, many of them retained the old key. I did not find motive to rebuild key in some and not ...
by ivanfm
Mon Apr 23, 2018 6:39 pm
Forum: Announcements
Topic: Advisory: Vulnerability exploiting the Winbox port [SOLVED]
Replies: 204
Views: 155089

Re: Advisory: Vulnerability exploiting the Winbox port

That is true, yes. We have a nice article on how to make your device secure, I suggest everyone read it, as it contains most of the basics: https://wiki.mikrotik.com/wiki/Manual:Securing_Your_Router normis some of the commands in this article work only in old versions. Like mac-server now uses an ...
by ivanfm
Tue Apr 10, 2018 5:18 pm
Forum: Scripting
Topic: Feature request: tool/fetch new property - no-log
Replies: 5
Views: 1115

Re: Feature request: tool/fetch new property - no-log

will be nice an option to log only on error.

no messages when got a 200 response, but log for connection error or different status code.
by ivanfm
Tue Mar 13, 2018 7:01 pm
Forum: Scripting
Topic: Built in function library
Replies: 50
Views: 11066

Re: Built in function library

My suggestions : ISODateTime - returns date/time in ISO format, great for saving backup files, that can be ordered, currently the ROS date used month as text. FlashPrefix - receive an filename and return it with /flash/ when the device has an /flash directory to keep saved files Function to keep onl...
by ivanfm
Sun Mar 04, 2018 2:21 pm
Forum: Announcements
Topic: v6.42rc [release candidate] is released!
Replies: 538
Views: 94171

Re: v6.42rc [release candidate] is released!

You can always configure OpenDNS as your DNS server, either as the DNS for the router itself and then advertise the router address as DNS server in DHCP or by advertising the OpenDNS servers in DHCP, and then configure an OpenDNS account on your internet address with the settings you like. You do n...
by ivanfm
Sun Mar 04, 2018 2:03 pm
Forum: Scripting
Topic: disable reset button
Replies: 6
Views: 3648

Re: disable reset button

Is there a way to just disable the backup when doing reset by button ?

The reset can be made, we just don't want the previous configuration to be preserved in any place.
This will be safer for vpn passwords and other private data.
by ivanfm
Sat Jan 20, 2018 11:54 am
Forum: Announcements
Topic: Securing your device is important
Replies: 31
Views: 9826

Re: Securing your device is important

/ip firewall filter
# ensure this is at the top of the rule list
add action=accept chain=input comment="allow admin access to router from authorized clients" dst-port=22222,8888,8291 in-interface-list=!WAN protocol=tcp

Will be very nice if mikrotik add to the dst-address-type an other option like "...
by ivanfm
Thu Jan 11, 2018 12:38 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Why is it not possible to login hotspot users via API?
Replies: 16
Views: 3793

Re: Why is it not possible to login hotspot users via API?

Configure your hotspot to use radius.

In your radius server you can decide which users can be logged or not.

There are many mini radius servers that can be used to make this happen with small adjustments.
by ivanfm
Wed Jan 03, 2018 5:37 pm
Forum: Announcements
Topic: Dual band AP for home use, SSID same or different?
Replies: 62
Views: 31188

Re: Dual band AP for home use, SSID same or different?

Standard users do not understand 2.4G and 5G, but they can understand that network XX-2.4G is better in some places of the house than the XX-5G. When I had used same ssid for two networks it was very difficult to troubleshoot remotely. Using different ssid make easier even for non technical users to ...
by ivanfm
Thu Nov 02, 2017 2:09 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Feature Request: RADIUS 'test'
Replies: 26
Views: 15145

Re: Feature Request: RADIUS 'test'

+1

I think we should have two options :

1. Just send the request following the radius order
2. Send the request for one specific radius server
by ivanfm
Thu Nov 02, 2017 1:18 pm
Forum: Announcements
Topic: v6.41rc [release candidate] is released! New bridge implementation!
Replies: 561
Views: 121008

Re: v6.41rc [release candidate] is released! New bridge implementation!

What's new in 6.41rc50 (2017-Oct-30 10:13):
*) radius - limited RADIUS timeout maximum value to 3 seconds;
do not do this, our system on average 1~5 seconds to process the radius package
please leave this field customizable

We also have to use 5 seconds.
by ivanfm
Thu Sep 07, 2017 7:30 pm
Forum: General
Topic: Olivetti Olicard 500 4G USB Modem not detected
Replies: 9
Views: 1623

Re: Olivetti Olicard 500 4G USB Modem not detected

For ppp you should enable ipv6 in the ppp profile selected in the ppp connection.

Look at this:

https://wiki.mikrotik.com/wiki/3G_confi ... with_Tele2
https://wiki.mikrotik.com/wiki/Manual:P ... r_Profiles

If your provider gives PD you should configure PD.
by ivanfm
Wed Sep 06, 2017 7:06 am
Forum: General
Topic: Olivetti Olicard 500 4G USB Modem not detected
Replies: 9
Views: 1623

Re: Olivetti Olicard 500 4G USB Modem not detected

brunoeco do you know if this modem works with ipv6 ?

Thanks
by ivanfm
Mon Aug 28, 2017 6:44 pm
Forum: Scripting
Topic: Valid Ip in conection ppp-out 3g/4g Vivo
Replies: 11
Views: 1634

Re: Valid Ip in conection ppp-out 3g/4g Vivo

There are many tutorials in the wiki showing how to make VPN using mikrotik. https://wiki.mikrotik.com/wiki/Category:VPN https://wiki.mikrotik.com/wiki/Tunnels You could use an standard linux or an Mikrotik CHR at AWS . For best performance try to use ipsec To work from any place the sstp is the bes...
by ivanfm
Mon Aug 28, 2017 5:08 pm
Forum: Scripting
Topic: Valid Ip in conection ppp-out 3g/4g Vivo
Replies: 11
Views: 1634

Re: Valid Ip in conection ppp-out 3g/4g Vivo

In some places the providers are giving only the CGNAT addresses, you can try to change operator. I use TIM and got valid IPV4 address, and IPv6 (São Paulo). Another solution which I use to keep access and to be away from port blocking is to create a VPN from the router to a place where you have an ...
by ivanfm
Sat Apr 29, 2017 6:00 pm
Forum: Announcements
Topic: v6.39 [current]
Replies: 89
Views: 32870

Re: v6.39 [current]

Updated some devices :

RouterBOARD wAP 2nD r2 : all configuration was lost, the device had to be reconfigured from scratch.
RB951 and 751 : without trouble.
by ivanfm
Mon Feb 20, 2017 5:43 pm
Forum: General
Topic: HTTPS URLs not working in hotspot walled garden
Replies: 11
Views: 4189

Re: HTTPS URLs not working in hotspot walled garden

Maybe that's how it happens, but it's not the best way. Maybe that's why I'm having multiple domains of google released incorrectly. Today, HTTPS requests use TLS and browsers support SNI, in which the name of the server is sent. https://en.wikipedia.org/wiki/Server_Name_Indication Can you ...
by ivanfm
Fri Feb 17, 2017 6:38 pm
Forum: General
Topic: socks service with IPV6
Replies: 2
Views: 655

socks service with IPV6

Hi, anyone has tried to use the mikrotik socks service via IPV6 ? I have the service enabled, it accept connections on ipv4, but I got connection refused when trying to connect via ipv6 address. The firewall is correct and connections are enabled. I want to use the socks service to make some IPV4 se...
by ivanfm
Mon Jan 23, 2017 3:21 pm
Forum: RouterBOARD hardware
Topic: Choosing Mikrotik HW for my house
Replies: 12
Views: 2373

Re: Choosing Mikrotik HW for my house

Thanks for all the info! ;) I have an good offer for RB951G-2HnD, which should be used as router (for some time, later changed for RB750Gr3 probably), RB751U-2HnD also used but great price. Connected by Ethernet together and where needed I will buy mAP/cAP/hAP/*lite and decrease power for RB951/RB7...
by ivanfm
Sat Dec 17, 2016 1:23 pm
Forum: General
Topic: LTE modem not detected
Replies: 10
Views: 2328

Re: LTE modem not detected

Same Issue - ZTE MF823L modem, sim unlocked, works fine direct on a linux machine as an ethernet device. Detected correctly in mAP 2n ----------------- routerboard: yes model: RouterBOARD mAP 2n firmware-type: ar9330L factory-firmware: 3.17 current-firmware: 3.24 upgrade-firmware: 3.24 -------------...
by ivanfm
Sat Oct 22, 2016 4:48 am
Forum: General
Topic: HTTPS URLs not working in hotspot walled garden
Replies: 11
Views: 4189

Re: HTTPS URLs not working in hotspot walled garden

If two names with different rules resolve to the same IP, then what do you expect the Mikrotik to do?

Considering that it connect check inside the https , it should permit both names, because the IP is permitted.
by ivanfm
Tue Oct 18, 2016 9:35 pm
Forum: General
Topic: IPv6 Tunnel over https
Replies: 8
Views: 977

Re: IPv6 Tunnel over https

Create your SSTP VPN as documented here : http://wiki.mikrotik.com/wiki/Manual:Interface/SSTP

on client add static ip on the interface and the route

/ipv6 address add interface=CLIENT_VPN_INTERFACE address=CLIENT_IPV6_ADDRESS advertise=no
/ipv6 route add dst-address=THE_ADRESSESS_TO_ROUTE gateway=CL...
by ivanfm
Sun Oct 16, 2016 4:08 am
Forum: General
Topic: is possible to generate certificates with SHA1 fingerprint ?
Replies: 2
Views: 642

Re: is possible to generate certificates with SHA1 fingerprint ?

I know it will be phased out, but the official client does not support in Android and Windows, this can be a big problem how we can have a very secure server if most of clients connect to it.
by ivanfm
Sun Oct 16, 2016 12:04 am
Forum: Wireless Networking
Topic: wifi scan disabling the broadcast ssid
Replies: 1
Views: 682

wifi scan disabling the broadcast ssid

I was testing the wireless scan and found a problem. using version 6.37.1 After doing wireless scan : /interface wireless scan wlan1 duration=10s save-file=wireless-scan the device stops broadcasting the SSID, if I disable/enable the wlan1 on webfig interface it returns, or if I just enable by comma...
by ivanfm
Sat Oct 15, 2016 11:09 pm
Forum: General
Topic: IPv6 Tunnel over https
Replies: 8
Views: 977

Re: IPv6 Tunnel over https

I'm using IPV6 on SSTP VPN with mikrotik.

The server does not pull the address for client, but if you configure static address and routes the ipv6 traffic goes fine.

Will be very nice if mikrotik get the IP from radius and pull to the client.
by ivanfm
Sat Oct 15, 2016 10:28 pm
Forum: General
Topic: is possible to generate certificates with SHA1 fingerprint ?
Replies: 2
Views: 642

is possible to generate certificates with SHA1 fingerprint ?

According to the docs http://wiki.mikrotik.com/wiki/Manual:System/Certificates "All certificate fingerprints are SHA1. Starting from v6.18 sha256 is used for certificate fingerprints and hashes" I'm using internal generated certificates with openvpn, and the "OpenVPN Connect" client does not support...
by ivanfm
Sat Oct 15, 2016 10:22 pm
Forum: General
Topic: HTTPS URLs not working in hotspot walled garden
Replies: 11
Views: 4189

Re: HTTPS URLs not working in hotspot walled garden

I understand that mikrotik cannot lookup inside the packets to see the real request destination by Host header. But the hotspot code can have an option to check the DNS resolutions (yes All DNS resolutions are being made by the mikrotik) and when there is a resolution for a name in walled garden f...
by ivanfm
Sat Oct 01, 2016 1:18 am
Forum: General
Topic: HTTPS URLs not working in hotspot walled garden
Replies: 11
Views: 4189

Re: HTTPS URLs not working in hotspot walled garden

I have found this problem in my tests with version 6.36 and 6.37. What I have discovered (replaced original domains ) : http://www.xyz.com works https://www.xyz.com does not work the walled garden have the www.xyz.com host with allow entry. Currently the www.xyz.com is not an A record in DNS but an ...
by ivanfm
Sat Jun 15, 2013 3:38 pm
Forum: General
Topic: RouterOS 6.1 released
Replies: 198
Views: 53259

Re: RouterOS 6.1 released

I have upgraded from 5.25 to 6.1.
After upgrade I cannot login using web interface using Chrome 27.0.1453.110(Linux).

I got the message "ERROR: Internal Server Error"

I can connect to web interface using firefox, and I can connect using ssh.